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Field of the Disclosure 

[0001] The present disclosure relates generally to provisioning procedures for networks. 

Background , 

[0002J In connection with the deployment of high speed data communications networks, 
manual methods and some forms of automated provisioning software tools have been 
used. Some of such provisioning tools are available for multi protocol label switching 
(MPLS) virtual private network (VPN) services. 

[0003] However, these provisioning tools have some significant drawbacks. For 
example, operators are required to have an in-depth understanding of the technical details 
of the MPLS BGP/VPN technology and how to translate a customer's general 
requirement into such technical details. The operator is required to provide technical 
details and make technical decisions, such as the specific assignment and deployment of 
virtual routing and forwarding (VRFs), route targets (RTs), routiilg redistribution, site of 
origin, and other similar technical network details. 

[0004] Secondly, these approaches/tools typically require operators to provision each 
customer edge router/provider edge router (CE-PE) access individually, again requiring 
knowledge of technical details, which makes the provisioning process/procedures 
complex and error prone. The troubleshooting of mistakes made during this process is 
usually difficult and costly. 
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[0005] Thirdly, these approaches/tools do not provide the flexibility needed to easily 
accommodate new VPN topology and service changes. Accordingly, there is a need for 
an improved system and method of provisioning MPLS/VPN systems. 

BRIEF DESCRIPTION OF DRAWINGS 
[0006] FIG. 1 is general diagram that illustrates an automated provisioning process. 

[0007] FIG. 2 is a general diagram that illustrates an MPLS/VPN service provisioning 
table. 

[0008] FIG. 3 is a general diagram that illustrates a rule set for VRF and RT mapping. 

[0009] FIG. 4 is a general diagram that illustrates tables for VPN to CE mapping for 
various PE elements. 

[0010] FIG.5 is a block diagram to illustrate a network and computer system that may be 
used to execute a provisioning process. 

[0011] FIG. 6 is a flow diagram that illustrates a particular provisioning procedure. 

[0012] FIG. 7 is a flow diagram that illustrates other aspects of a provisioning procedure. 

[0013] FIG. 8 is a flow diagram that illustrates a method of provisioning a modified 
topology. 

DETAILED DESCRIPTION 

[0014] The present disclosure is generally directed to a method of provisioning a virtual 
private network and a computer network operations system that is configured to provide 
such provisioning. In a particular embodiment, the automated method of provisioning a 
virtual private network includes receiving a high level description of a topology of a 
network, applying a set of rules to the topology of the network to produce a plurality of 
route targets (RTs) associated with virtual private networks to be assigned to the network, 
grouping a set of route targets from the plurality of route targets with respect to each 
customer equipment node within the network to form a group of route target sets, 

-2- 

I033-LB1029 Final Patent AppIication.doc 



Attorney Docket No.: 1033-LB1029 



removing duplicate sets of route targets from the group of route target sets to form a 
reduced size set of route targets; assigning each set of route targets in the reduced size set 
of route targets to a VRF all the CEs with the same RT set on one PE should share one 
VRF, and generating an output file including output data that identifies each of the VRFs 
and the associated route targets assigned to each of the VRFs. 

[0015] In a particular embodiment, the computer network operations system includes a 
terminal having a display portion, a data input device to receive input from a user, and a 
computer system having a memory and a processor. The computer system is coupled to 
the terminal and to the data input device. The display portion of the terminal provides an 
input screen having a data format configured to prompt the user to provide high-level 
network topology data via the data input device. The high-level network topology data 
includes virtual private network information with respect to a backbone data network. 
The computer system converts the high-level network topology data into a set of route 
targets to be assigned to VRFs. The set of assigned route targets are stored in the 
memory. 

[0016] The disclosed method and system provides a new service provision interface that 
allows operator use without requiring many of the specific technical network details. 
Further, the translation from a customer's requirements into technical network 
configuration commands are handled using an automated method that is transparent to the 
operator. The technical requirements for operators are significantly reduced allowing 
operators with less technical experience can be trained at a lower cost. Further, the VPN 
service order process to be handled more efficiently and more quickly. Also, due to 
automation, the number of mistakes made during the provisioning process is reduced. 

[0017] In addition, the disclosed service provisioning method allows provisioning in an 
efficient manner using an overall system view instead of a link by link method. The 
disclosed provisioning system may consider the cost of assigning VRFs as well as access 
costs when determining which provider edge router (PE) a particular customer edge 
router (CE) is to be attached to. 
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[0018] Referring to FIG. 1 5 a flow diagram that illustrates a particular embodiment of a 

provisioning procedure is shown. The flow diagram includes a first table 102 that is 

i 

formed by operator input and includes an automated provisioning system 130 that 
includes a plurality of additional tables created by an automated software tool. The 
output 132 from the automated provisioning processing is a set of commands that are 
deployed to a network, such as to various PE nodes within an MPLS network. Data files 
122 may be exported from the automated provisioning system 130 and sent to other 
systems, such as a troubleshooting system 140 or a billing system 150. The data files 122 
provided by the provisioning system 130 are often useful to technical support personnel 
in resolving technical problems reported by customers, such as issues relating to network 
configurations and performance. Also, the billing system 150 may use input from the 
exported file 122 to add new billing parameters and to charge for use of network 
resources, such as charges based on the number of virtual routing and forwarding 
elements (VRFs) used by a particular VPN topology. Thus, the cost of assigning VRFs 
may be considered in the bills sent to customers. 

[0019] The operator inputted table 102 includes a first part that includes data to identify 
customer edge router (CE) and associated VPNs. A second part of the table 102 
identifies layer 2 and layer 3 network requirements received from customers. The third 
part of the operator table 102 includes interfaces and IP address assignments. A resulting 
data table 108 is provided to the automated provisioning system 130. Within the 
provisioning system 130 a set of, VRF/RT rules 104 are used to generate a table 106 that 
includes assigned VRFs and RTs. Also, a table 112 having interface and routing 
generation rules is used to create CLI commands, such as in table 1 14, for each VRF and 
each associated CE-PE interface. The outputs from the generated VRFs and RTs and the 
CLI commands are communicated to a module 120 to generate CLI commands for the 
CEs and prepare data to be communicated to PEs. The resulting data output 132 is then 
deployed to PEs to deploy the provisioned topology in the network. An example of a 
VRF is found within a commercial router, such as those made by Cisco, Inc., that are 
deployed in distributed data communication networks. 
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[0020] Referring to FIG. 2, an example of the operator inputted table 102 is illustrated. 
The table 102 includes a first portion 202, a second portion 204, and a third portion 206. 
The first portion 202 includes VPN to CE mapping and topology selection or each VPN. 
The second portion 204 identifies the layer 2 and layer 3 network requirements and CE 
locations. The third portion 206 identifies IP interface on PE and IP address and quality 
of service (QoS) requirements and profiles. Customer information is also included in 
table 102, such as the customer A and customer B in the first row; CE1-CE1 1 belong to 
customer A and CE12-CE13 belong to Customer B. 

[0021] Referring to FIG. 3, a logical mapping table of VRFs and associated RTs is 
shown. The logical mapping table includes row entries of full mesh 310, hub and spoke 
with two VRFs 312, hub and spoke with one VRF 314, and a central service row 3 1 6. 
The column entries include the assigned RTs and VRFs 330, 332, 334, and a comments 
column 306. 

[0022] Referring to FIG. 4, VRF and RT mapping tables 440, 450, and 460 for multiple 
PEs are shown. A first table 540 for PE1 includes a plurality of VPN row elements 402- 
412, a VRF indicator row 414, and a plurality of CE columns 422-430. The table 440 
also includes a topology indication column 420. As shown, one of the VRFs, VRF_4 
labeled 432 is shared by two CEs, CE12 in column 428 and CE13 in column 430. By 
providing for a shared VRF, the number of used VRFs for the desired VPN topology is 
beneficially reduced and for a large network provides for reduced VRF deployment costs. 
Thus, the resulting set of VRFs is a reduced size set. In accordance with the VRF 
generation rules, RTs are assigned for each CE based on its topology requirement in 
Table 1 and the RT generation rules in Table 2. If multiple CEs share the same RT set, 
such as the last CE12 and CE13, then they share one VRF. Generally, each VRF owns 
all the RTs in its column, However, all the CE members of one full mesh VPN belong to 
another full mesh VPN, which means that one VPN is the subset of another VPN. 
Therefore, the corresponding VRF may not need the RT of the subset VPN if it makes no 
difference to the customers. 
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[0023] Dualhoming requirement can also be handled with respect to Table 1 . There are 3 
common scenarios for dualhoming: 

1 . Two CEs connecting to two PE by two physical or logical links. 

This scenario can be handled by Table 1 natively. 

2. One CE connecting to two PE by two physical or logical links. 

Two columns for each CE are used. Part 1 for these two columns are the 
same. There may be the same or different L2 or L3 requirement in part 2, one 
IP interface and IP address/mask on each PE in part 3. 

3. One CE connecting to one PE by two parallel physical links or logical links. 

Two columns for each CE are used. Part 1 for these two columns are the 
same. There may be the same or different L2 or L3 requirement in part 2, 
operation needs to assign two IP interfaces and two IP addresses/masks on the 
PE. 

[0024] The "Site" concept in industry standard RFC2547bis can also be easily integrated 
into Table 1 by adding a row named "Site" in Table 1 which tells which site each CE 
belong to. If a customer wants the traffic between two or more CEs go through its private 
network only, which means that customer does not rely on the SP network as both 
primary and backup connection for these CEs, these CEs should be assigned to one site. 
The same SOO (Site of Origin) should be configured for the CE-PE interfaces on PEs to 
avoid routing loop if EBGP is used as the CE-PE routing protocol. 

[0025] Referring to FIG. 5, a sample operations system for implementing the disclosed 
provisioning procedure is shown. The operations system includes a computer system 502 
with a memory 504. The computer system 502 is coupled to a backbone network 520, 
such as a MPLS network. The computer system 502 has an input/output device 510 and 
a terminal 506 with a display 508 used to interface to network operations personnel. 
Computer software that can receive an operator input table and can perform automated 
provisioning procedures to deploy VRF and RT assignments for network elements within 
the backbone network 520 can be disposed in the memory 504 and executed by the 
computer system 502. An example of a suitable computer system 502 is a commercially 
available personal computer or workstation. 
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(0026] Referring to FIG. 6, a particular embodiment of a method of provisioning a 
network is illustrated. A high level description of a network topology, such as the table 
102 of FIG. 1, is received, at 602. A set of provisioning rules is applied to the topology 
of the network to produce a plurality of route targets (RTs) associated with virtual private 
networks to be assigned to the network, at 604. A set of route targets from the plurality 
of route targets is grouped with respect to each customer edge router (CE) within the 
network to form a group of route target sets, at 606. Duplicate sets of route targets are 
removed from the group of route targets to form a reduced size set of route targets, at 
608. Each set of route targets in the reduced size set of route targets is assigned to a 
virtual routing and forwarding (VRF) element all the CEs with the same RT set on one 
PE should share one VRF, at 610. By reducing the number of route targets and by 
sharing VRFs, less network resources are consumed by the desired network topology. 
An output file is generated, at 612, that includes output data that identifies each of the 
VRFs and the associated route targets assigned to each of the VRFs. The output file may 
be deployed to physical network equipment to complete the provisioning process. 

[0027] Referring to FIG. 7, another particular embodiment of a method of provisioning is 
illustrated. A set of rules is provided regarding assignment of route targets for each of a 
plurality of virtual private networks, at 702. Provider edge routers (PE) of a backbone 
network are configured, at 704. Customer edge routers (CE) are configured, at 706. 
Each of the CE nodes has a relationship link to at least one of the PE elements. Route 
targets are assigned to each of the CE nodes based on topology requirements of the 
backbone network and based on the set of rules, at 708. An example of the set of rules is 
the table of rules illustrated in FIG. 3. Each of the CE nodes and VRFs are configured 
with respect to the corresponding PE elements to form a logical network topology, at 710. 
The logical topology may be converted into an output file that is deployed in physical 
router equipment, to thereby provision such equipment. 

[0028] Referring to FIG. 8, a method of provisioning for a modified network topology is 
shown. A particular site or a particular VPN is added, deleted, or modified, at 802. This 
modification results in a changed topology. The operations table, such as the illustrated 
operator input table 102, is updated to correspond to the modified topology including 
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updated VPNs, at 804. For example, a customer may add, delete, or change a desired 
VPN. The automated provisioning method (see system 130 of FIG. 1) is re-executed 
using the updated operations table as its input to determine whether any changes are 
needed to VRFs or RTs for the network, at 806. If changes are needed, a necessary set of 
VRF/RT commands to deployed network equipment is provided to provision the 
modified topology, at 808. Thus, a method of automatically provisioning a desired VPN 
network that can also handle modifications to the desired VPN topology with reduced 
reliance on operator technical ability has been disclosed. 

[0029] As a particular example, when adding a new site to one or multiple existing 
VPNs, the provisioning steps described above with respect to FIG. 1 are repeated with 
adding the new CE column and the provision system 130 will automatically decide if a 
new VRF need to be added for this new site or just let this new CE join an existing VRF. 
When delete a site from existing VPN services, the provisioning steps described with 
respect to FIG. 1 are repeated with deleting the CE and the provision system 130 will 
automatically decide if the CE attached VRF need to be deleted or not. When changing a 
VPN topology, the above described steps are repeated with modified VPN topology and 
the role of each CE in this topology, and the provision system 130 will automatically 
determine the VRFs and associated RTs. When adding a new VPN, the above described 
provisioning steps are repeated with modified VPN topology and the role of each CE in 
this topology, and the provision system will automatically decide the VRFs and 
associated RTs. When deleting a existing VPN, the provisioning steps are repeated with 
deleting the VPN and the provision system will automatically decide the VRFs and 
associated RTs. 

[0030] The disclosed provisioning system may feed the information of how many VRFs 
need to be used for each customer into billing system to easily support billing of 
MPLS/VPN services based on both the cost of VRFs as well as access costs since VRF is 
a limited resource in PE routers. The disclosed method and system provides a new 
service provision interface that allows operator use without requiring many of the specific 
technical network details, such as VRF, RT, SOO, route redistribution, etc. Further, the 
translation from a customer's requirements into technical network configuration 
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commands are handled using an automated method that is transparent to the operator. 
The disclosed service provisioning method allows provisioning in an efficient manner 
using an overall system view instead of a link by link method. 

[0031] The above disclosed subject matter is to be considered illustrative, and not 
restrictive, and the appended claims are intended to cover all such modifications, 
enhancements, and other embodiments which fall within the true spirit and scope of the 
present invention. Thus, to the maximum extent allowed by law, the scope of the present 
invention is to be determined by the broadest permissible interpretation of the following 
claims and their equivalents, and shall not be restricted or limited by the foregoing 
detailed description. 
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